
358 Insecure service configuration - DocumentBuilderFactory


Description

DocumentBuilderFactory is insecurely configured, which makes it susceptible to XXE attacks.


Impact

- Read confidential information.
- Execute commands on the server.


Recommendation

Securely configure DocumentBuilderFactory.


Threat

Authorized attacker from the Internet.


Expected Remediation Time

30 minutes.


Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: N
  • Attack complexity: H
  • Attack Requirements: N
  • Privileges required: L
  • User interaction: A
  • Confidentiality (VC): L
  • Integrity (VI): L
  • Availability (VA): N
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: P

Requirements


Last updated

2024/02/20